not to be that guy, but powercode, sonar, etc... they do this for you and redirect them to say "hey, bum, pay"
On Mon, Mar 26, 2018 at 11:16 AM, Cameron Crum <cc...@murcevilo.com> wrote: > If you didn't want the redirect, you could just write a quick firewall to > drop all traffic from the suspended list as well, but redirecting to a > portal is preferable in my view. > > Cameron > > On Mon, Mar 26, 2018 at 11:09 AM, Sam Lambie <samtaos...@gmail.com> wrote: > >> thank you Cameron. I appreciate it! >> >> On Mon, Mar 26, 2018 at 10:04 AM, Cameron Crum <cc...@murcevilo.com> >> wrote: >> >>> Here is a MT script to set up the web proxy redirect. Obviously you will >>> need to change the urls in the last section under /ip proxy address. This >>> script takes anything in the 'suspended' address list and redirects port 80 >>> traffic to whatever you put in place of myportal.com. You also need to >>> match the ip range at the bottom to whatever ip range you are handing out >>> to your customers. You can add as many of that last rule as you need to >>> cover all your ranges. As for the ssh script, it should be easy enough to >>> write a simple script to ssh in and launch one of these: >>> >>> /ip firewall address-list add address=x.x.x.x list=suspended >>> >>> and to remove >>> >>> /ip firewall address-list remove [find address=x.x.x.x] >>> >>> The web proxy set up script is this (only run this one time, then move >>> all the rules to the top of their respective firewall sections): >>> >>> >>> add action=accept chain=input comment=\ >>> "Allow Proxy - redirect suspended users - this and then next five >>> rules should be at the top of the filter list" disabled=no dst-port=16099 \ >>> protocol=tcp >>> add action=jump chain=forward disabled=no jump-target=Suspended \ >>> src-address-list=suspended >>> add action=accept chain=Suspended disabled=no dst-port=443 protocol=tcp >>> add action=accept chain=Suspended disabled=no \ >>> dst-port=53 protocol=udp >>> add action=log chain=Suspended disabled=no dst-address-list=!PaymentGateway >>> limit=5/1m,10 log-prefix="" >>> add action=reject chain=Suspended disabled=no reject-with=\ >>> icmp-admin-prohibited >>> >>> /ip firewall nat >>> add action=redirect chain=dstnat comment="Redirect Nat Rule for suspend >>> users - put this rule at the top of the list " disabled=no dst-port=80 \ >>> protocol=tcp src-address-list=suspended to-ports=16099 >>> >>> /ip proxy >>> set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 >>> cache-on-disk=no enabled=\ >>> yes max-cache-size=none max-client-connections=600 max-fresh-time=3d >>> max-server-connections=\ >>> 600 parent-proxy=0.0.0.0 parent-proxy-port=0 port=16099 >>> serialize-connections=no src-address=\ >>> 0.0.0.0 >>> /ip proxy access >>> add action=allow disabled=no dst-host=mywebsite.com >>> add action=allow disabled=no dst-host=www.mywebsite.com >>> add action=deny disabled=no redirect-to=myportal.com src-address=\ >>> x.x.x.x/24 >>> >>> >>> >>> >>> >>> >>> On Mon, Mar 26, 2018 at 10:53 AM, Sam Lambie <samtaos...@gmail.com> >>> wrote: >>> >>>> We are in the the process of going to MT. But now, plain ole Linksys >>>> e2500's. >>>> >>>> On Mon, Mar 26, 2018 at 9:51 AM, Cameron Crum <cc...@murcevilo.com> >>>> wrote: >>>> >>>>> Are you using MT routers? I can show you a script to ssh to the router >>>>> and move him to an address list that either redirects him through a web >>>>> proxy or just drops all traffic. >>>>> >>>>> On Mon, Mar 26, 2018 at 10:36 AM, Sam Lambie <samtaos...@gmail.com> >>>>> wrote: >>>>> >>>>>> Has anyone used a script to check say every 5 minutes when an SM is >>>>>> up and make changes to it? If so, got an example? >>>>>> >>>>>> Ideally, I want to turn off the ethernet interface of the radio as >>>>>> the customer is a bum, but he keeps weird hours an I don't want to be >>>>>> glued >>>>>> to my seat checking when he is up. >>>>>> I know that I could just block is WAN IP, but this is something I am >>>>>> interested in and have never done. >>>>>> Thanks >>>>>> Sam >>>>>> >>>>>> -- >>>>>> -- >>>>>> *Sam Lambie* >>>>>> Taosnet Wireless Tech. >>>>>> 575-758-7598 <(575)%20758-7598> Office >>>>>> www.Taosnet.com <http://www.newmex.com> >>>>>> >>>>> >>>>> >>>> >>>> >>>> -- >>>> -- >>>> *Sam Lambie* >>>> Taosnet Wireless Tech. >>>> 575-758-7598 <(575)%20758-7598> Office >>>> www.Taosnet.com <http://www.newmex.com> >>>> >>> >>> >> >> >> -- >> -- >> *Sam Lambie* >> Taosnet Wireless Tech. >> 575-758-7598 <(575)%20758-7598> Office >> www.Taosnet.com <http://www.newmex.com> >> > >
